China-linked threat actor deploying Medusa ransomware via zero-day chains in Ivanti, JetBrains, and more. High-speed attacks, 24-hour ransomware drops.

Does Storm-1175 target Linux systems?

Yes, recently hitting Oracle WebLogic on Linux with unknown vulns, plus Windows everywhere else.

How to stop Medusa ransomware from Storm-1175?

Patch all listed CVEs now, monitor RMM tools, block LOLBins, enforce MFA — and segment your network.

🦠 Ransomware & Malware

Storm-1175's Zero-Day Rampage: China Hackers Dropping Medusa Ransomware in Record Time

Ever wonder why your firewall feels like a screen door against pros? China-based Storm-1175 is chaining zero-days to unleash Medusa ransomware faster than you can say 'patch Tuesday.'

Threat Digest Apr 07, 2026 3 min read

Digital map showing Storm-1175 ransomware attacks on global networks with zero-day exploit chains

⚡ Key Takeaways

Storm-1175 exploits zero-days like CVE-2025-10035 pre-disclosure for ultra-fast Medusa ransomware deployment. 𝕏
RMM tools are prime for abuse — attackers blend in via trusted platforms like ScreenConnect. 𝕏
Healthcare, finance, education hit hardest; patch gaps let them rotate vulns rapidly. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#China threat actor #Medusa ransomware #Storm-1175 #zero-day exploits

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Storm-1175's 16-Vulnerability Blitz Powers Medusa Ransomware Onslaught

Storm-1175's Zero-Day Blitz: Ransomware Hits Where It Hurts Most

Medusa Ransomware: Zero-Days to Encryption in Under 24 Hours

Project Zero's Blog Glow-Up: Old Exploits Still Fresh as Yesterday's Zero-Day

Stay in the loop